5 matches found
EUVD-2019-6697
Malware in sbrugna...
CVE-2019-15773
The nd-travel plugin before 1.7 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
WordPress nd-travel plugin unauthorized operation vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-travel is a plugin used in it for selling travel products online. A security vulnerability exists in WordPress nd-travel plugin...
CVE-2019-15773
The nd-travel plugin before 1.7 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2019-15773
The CVE-2019-15773 entry concerns the WordPress nd-travel plugin prior to 1.7. A nopriv_ AJAX action enables modification of the siteurl setting, meaning an unauthenticated user could alter the site URL via AJAX. Affected component: nd-travel plugin (WordPress). Root cause: insufficient access co...